Mercurial Mercurial > upstream > oracle > userland-gate / file revision
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
components/openssh/patches/019-no_uid_restoration_test.patch
author Jan Parcel <jan.parcel@oracle.com>
Mon, 01 Feb 2016 06:53:50 -0800
changeset 5376 4615bc2f4a50
parent 2181 e4bedf346edf
permissions -rw-r--r--
22631538 Patch comment incorrect/outdated for patch 039-sshd_config_5_defaults.patch

#
# OpenSSH verifies, that changing [ug]id back to 0 fails, after it
# was set to the values of the user logging in.
# On Solaris, if that user was given PRIV_PROC_SETUID privilege,
# set[gu]id(0) succeeds. But in this case this is not an error in
# dropping privilege, such user is supposed to be able to do that.
#
# This fix removes this check entirely. Skipping the check only in
# case PRIV_PROC_SETUID is asserted in the effective set was considered
# but decided against. The check is redundant, because inability to
# restore uid=0 can be inferred from successful run of setreuid(uid, uid).
#
# The fix is implemented by replacing an OS-related HAVE_CYGWIN guard
# with a functional NO_UID_RESTORATION_TEST and by defining the new
# symbol in the component Makefile.
#
# This patch was submitted upstream:
#
# https://bugzilla.mindrot.org/show_bug.cgi?id=2299
#
# See the above URL for details on if/when it might be accepted.
#
diff -ur old/uidswap.c new/uidswap.c
--- old/uidswap.c	2014-01-18 01:43:50.000000000 -0800
+++ new/uidswap.c	2014-09-04 06:26:32.965065384 -0700
@@ -134,7 +134,7 @@
 void
 permanently_drop_suid(uid_t uid)
 {
-#ifndef HAVE_CYGWIN
+#ifndef NO_UID_RESTORATION_TEST
 	uid_t old_uid = getuid();
 #endif
 
@@ -142,7 +142,7 @@
 	if (setresuid(uid, uid, uid) < 0)
 		fatal("setresuid %u: %.100s", (u_int)uid, strerror(errno));
 
-#ifndef HAVE_CYGWIN
+#ifndef NO_UID_RESTORATION_TEST
 	/* Try restoration of UID if changed (test clearing of saved uid) */
 	if (old_uid != uid &&
 	    (setuid(old_uid) != -1 || seteuid(old_uid) != -1))
@@ -199,7 +199,7 @@
 void
 permanently_set_uid(struct passwd *pw)
 {
-#ifndef HAVE_CYGWIN
+#ifndef NO_UID_RESTORATION_TEST
 	uid_t old_uid = getuid();
 	gid_t old_gid = getgid();
 #endif
@@ -227,7 +227,7 @@
 	if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) < 0)
 		fatal("setresuid %u: %.100s", (u_int)pw->pw_uid, strerror(errno));
 
-#ifndef HAVE_CYGWIN
+#ifndef NO_UID_RESTORATION_TEST
 	/* Try restoration of GID if changed (test clearing of saved gid) */
 	if (old_gid != pw->pw_gid && pw->pw_uid != 0 &&
 	    (setgid(old_gid) != -1 || setegid(old_gid) != -1))
@@ -241,7 +241,7 @@
 		    (u_int)pw->pw_gid);
 	}
 
-#ifndef HAVE_CYGWIN
+#ifndef NO_UID_RESTORATION_TEST
 	/* Try restoration of UID if changed (test clearing of saved uid) */
 	if (old_uid != pw->pw_uid &&
 	    (setuid(old_uid) != -1 || seteuid(old_uid) != -1))
upstream/oracle/userland-gate